[pycrypto] Verify DSA bytestring signature

Legrandin helderijs at gmail.com
Sun Apr 6 02:50:53 PDT 2014


How was the signature created exactly?

The .verify() method of a DSA object requires two integers, and there are
several ways to encode them into a bytestring. It's very hard to guess the
correct one for your case.

FYI, there is a long standing pull request I created to add a saner DSA API:

https://github.com/dlitz/pycrypto/pull/53

The verification method accepts DER or big-endian encoded signatures.



2014-04-05 21:03 GMT+02:00 Winston Weinert <winston at ml1.net>:

> Hello,
>
> I noticed in Git there is a "verify" method on Crypto.PublicKey.DSA. How do
> I go about using this method? It wants a tuple, but unsure how to create
> the appropriate tuple from my bytestring (which is decoded base64 text).
> This is git revision 2d1aecd. The relevant code and error:
>
> Code:
>
> def validate(dsa_pubkey, signature, zipfile):
>     with open(dsa_pubkey, 'rb') as f:
>         pubkey = DSA.importKey(f.read())
>     with open(zipfile, 'rb') as f:
>         h = SHA1.new()
>         h.update(f.read())
>         zipfile_digest = h.digest()
>     decoded_signature = base64.b64decode(signature)
>
>     return pubkey.verify(zipfile_digest, decoded_signature)
>
> Error:
>
> Traceback (most recent call last):
>   File "sparkle_tool.py", line 67, in <module>
>     validate_files(appcast, dsa_pubkey)
>   File "sparkle_tool.py", line 55, in validate_files
>     if validate(dsa_pubkey, signature, local_file):
>   File "sparkle_tool.py", line 33, in validate
>     return pubkey.verify(zipfile_digest, decoded_signature)
>   File
> "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/DSA.py",
> line 222, in verify
>     return pubkey.pubkey.verify(self, M, signature)
>   File
> "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/pubkey.py",
> line 126, in verify
>     return self._verify(M, signature)
>   File
> "/home/winston/jobber/venv/local/lib/python2.7/site-packages/Crypto/PublicKey/DSA.py",
> line 240, in _verify
>     (r, s) = sig
> ValueError: too many values to unpack
>
> Thanks a bunch!
> --
> Winston Weinert
> winston at ml1.net
> _______________________________________________
> pycrypto mailing list
> pycrypto at lists.dlitz.net
> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dlitz.net/pipermail/pycrypto/attachments/20140406/87e21505/attachment.html>


More information about the pycrypto mailing list